Golden: CIOs Can't Ignore Open Source

Lora Bentley

Despite the fact that open source saves companies money, is more secure and performs better in some instances than proprietary software, it does present risks. The most common, of course, is a company's legal risk if it is not compliant with the licenses under which the software is released.

 

But CIO.com blogger and Navica CEO Bernard Golden says there are even bigger problems when a CIO isn't aware of the extent to which open source is used in an organization:

The far larger risk is that there is no visibility into the makeup of a significant portion of the company's IT infrastructure. How can you confidently plan for SLA commitments when you're not sure of what software you're running, its maturity, supportability, and so on? Furthermore, as a CIO, you face the very real potential of being unable to adequately map out your workforce skills planning, since you are unaware of what development and operations commitments accompany these invisible software implementations. Finally, it's hard to attest to important regulatory requirements (if you're subject to regulations like recoverability and so on, as financial institutions are), when you don't know what will need to be recovered.

Despite what a typical CIO's knee-jerk reaction might be, Golden says banning open source is out of the question at this point. It is too prevalent in most enterprises. He points to Gartner's prediction that even 80 percent of commercial software will include open source by 2012.

 

Instead, he says, CIOs should familiarize themselves with the open source that's already in their networks. (Participating in the Open Source Census would be a good way of doing so.) And then they should establish policies and procedures for open source implementation, use and governance.



Oct 27, 2008 12:23 PM Korak Mitra says:
One way CIOs can manage the compliance legal risks of open source is to audit the software on their network, specifically for open source and its associated license obligations. For a quick primer on the typical license obligations present in open source, as well as some potential audit options, visit: http://sourceauditor.com
